From 97bc679cbbfa8c7a7a4e516b8ad00e17c9e467e9 Mon Sep 17 00:00:00 2001 From: Jens L Date: Fri, 12 Apr 2024 01:42:31 +0200 Subject: [PATCH] internal: add tests to go flow executor (#9219) Signed-off-by: Jens Langhammer --- .github/workflows/repo-stale.yml | 2 +- internal/outpost/flow/executor.go | 4 +- internal/outpost/flow/solvers_mfa_test.go | 68 +++++++++++++++++++++++ 3 files changed, 72 insertions(+), 2 deletions(-) create mode 100644 internal/outpost/flow/solvers_mfa_test.go diff --git a/.github/workflows/repo-stale.yml b/.github/workflows/repo-stale.yml index 24f0ac0fb0..4918171953 100644 --- a/.github/workflows/repo-stale.yml +++ b/.github/workflows/repo-stale.yml @@ -23,7 +23,7 @@ jobs: repo-token: ${{ steps.generate_token.outputs.token }} days-before-stale: 60 days-before-close: 7 - exempt-issue-labels: pinned,security,pr_wanted,enhancement,bug/confirmed,enhancement/confirmed,question + exempt-issue-labels: pinned,security,pr_wanted,enhancement,bug/confirmed,enhancement/confirmed,question,status/reviewing stale-issue-label: wontfix stale-issue-message: > This issue has been automatically marked as stale because it has not had diff --git a/internal/outpost/flow/executor.go b/internal/outpost/flow/executor.go index 10dca6bb5f..d1e898308c 100644 --- a/internal/outpost/flow/executor.go +++ b/internal/outpost/flow/executor.go @@ -86,7 +86,9 @@ func NewFlowExecutor(ctx context.Context, flowSlug string, refConfig *api.Config Jar: jar, Transport: fe, } - fe.token = strings.Split(refConfig.DefaultHeader["Authorization"], " ")[1] + if authz, ok := refConfig.DefaultHeader["Authorization"]; ok { + fe.token = strings.Split(authz, " ")[1] + } config.AddDefaultHeader(HeaderAuthentikOutpostToken, fe.token) fe.api = api.NewAPIClient(config) return fe diff --git a/internal/outpost/flow/solvers_mfa_test.go b/internal/outpost/flow/solvers_mfa_test.go new file mode 100644 index 0000000000..7b523b05d5 --- /dev/null +++ b/internal/outpost/flow/solvers_mfa_test.go @@ -0,0 +1,68 @@ +package flow_test + +import ( + "context" + "encoding/base64" + "fmt" + "strconv" + "testing" + + "github.com/gorilla/securecookie" + "github.com/sirupsen/logrus" + "github.com/stretchr/testify/assert" + "goauthentik.io/api/v3" + "goauthentik.io/internal/outpost/flow" +) + +func testSecret() string { + return base64.RawURLEncoding.EncodeToString(securecookie.GenerateRandomKey(32)) +} + +func TestFlowExecutor_SetSecrets_Plain(t *testing.T) { + fe := flow.NewFlowExecutor(context.TODO(), "", api.NewConfiguration(), logrus.Fields{}) + pw := testSecret() + fe.SetSecrets(pw, false) + assert.Equal(t, pw, fe.Answers[flow.StagePassword]) + assert.Equal(t, pw, fe.Answers[flow.StageAuthenticatorValidate]) +} + +func TestFlowExecutor_SetSecrets_TOTP_6(t *testing.T) { + fe := flow.NewFlowExecutor(context.TODO(), "", api.NewConfiguration(), logrus.Fields{}) + pw := testSecret() + totp := 123456 + formatted := fmt.Sprintf("%s%s%d", pw, flow.CodePasswordSeparator, totp) + fe.SetSecrets(formatted, true) + assert.Equal(t, pw, fe.Answers[flow.StagePassword]) + assert.Equal(t, strconv.Itoa(totp), fe.Answers[flow.StageAuthenticatorValidate]) +} + +func TestFlowExecutor_SetSecrets_TOTP_8(t *testing.T) { + fe := flow.NewFlowExecutor(context.TODO(), "", api.NewConfiguration(), logrus.Fields{}) + pw := testSecret() + totp := 12345678 + formatted := fmt.Sprintf("%s%s%d", pw, flow.CodePasswordSeparator, totp) + fe.SetSecrets(formatted, true) + assert.Equal(t, pw, fe.Answers[flow.StagePassword]) + assert.Equal(t, strconv.Itoa(totp), fe.Answers[flow.StageAuthenticatorValidate]) +} + +func TestFlowExecutor_SetSecrets_TOTP_TooLong(t *testing.T) { + fe := flow.NewFlowExecutor(context.TODO(), "", api.NewConfiguration(), logrus.Fields{}) + pw := testSecret() + totp := 1234567890 + formatted := fmt.Sprintf("%s%s%d", pw, flow.CodePasswordSeparator, totp) + fe.SetSecrets(formatted, true) + assert.Equal(t, formatted, fe.Answers[flow.StagePassword]) + assert.Equal(t, "", fe.Answers[flow.StageAuthenticatorValidate]) +} + +func TestFlowExecutor_SetSecrets_TOTP_NoCode(t *testing.T) { + fe := flow.NewFlowExecutor(context.TODO(), "", api.NewConfiguration(), logrus.Fields{}) + pw := testSecret() + fe.SetSecrets(pw, true) + assert.Equal(t, pw, fe.Answers[flow.StagePassword]) + assert.Equal(t, "", fe.Answers[flow.StageAuthenticatorValidate]) + fe.SetSecrets(pw+flow.CodePasswordSeparator, true) + assert.Equal(t, pw, fe.Answers[flow.StagePassword]) + assert.Equal(t, "", fe.Answers[flow.StageAuthenticatorValidate]) +}